Wireshark-users: Re: [Wireshark-users] Extracting SSL certificate from SSL handshake

From: Sake Blok <sake@xxxxxxxxxx>
Date: Wed, 19 Oct 2011 00:32:40 +0200
On 18 Oct 2011, at 20:16, Robert Kochem wrote:

> I am trying to extract the public certificate presented in the "Server 
> Hello" message of an SSL handshake.

That's quite easy actually...

> The SSL dissector highlights the certificate in the data stream but it 
> seems not to be possible to do something else than just look at the data.
> Why is it not possible to do anything with the data in that window?

... you might want to refrain from limiting yourself with premature conclusions ;-)

To extract a certificate, select the packet that contains the (reassembled) SSL Handshake message "Certificate". Expand the Certificates until you have a list of Length and Certificate lines. Right-click on the certificate that you want to extract and choose "Export Selected Bytes". It will save the certificate in DER format to the file you specify.

Hope this helps,
Cheers,


Sake
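
The "Length" and "Certificate" lines mentioned in the message above correspond to 3-byte length prefixes followed by DER blobs. The following added example (not part of the original post, with hypothetical function names) splits a reassembled Certificate handshake message into its DER certificates and wraps one in PEM. It assumes the SSL/TLS 1.2-and-earlier message layout and uses constructed placeholder bytes in place of real certificates.

```python
import base64

HANDSHAKE_CERTIFICATE = 11  # handshake message type for "Certificate"


def u24(buf, off):
    """Read a 3-byte big-endian length field."""
    if off + 3 > len(buf):
        raise ValueError("truncated length field")
    return int.from_bytes(buf[off:off + 3], "big")


def split_certificate_message(msg):
    """Return the DER certificates in a reassembled TLS <= 1.2 Certificate message."""
    if len(msg) < 7 or msg[0] != HANDSHAKE_CERTIFICATE:
        raise ValueError("not a Certificate handshake message")
    body_len = u24(msg, 1)
    if 4 + body_len > len(msg):
        raise ValueError("handshake message is truncated (not reassembled?)")
    list_len = u24(msg, 4)
    if list_len + 3 != body_len:
        raise ValueError("certificate list length does not match message length")
    certs, off, end = [], 7, 7 + list_len
    while off < end:
        cert_len = u24(msg, off)  # the "Length" line
        off += 3
        if cert_len == 0 or off + cert_len > end:
            raise ValueError("certificate length overruns the list")
        certs.append(msg[off:off + cert_len])  # the "Certificate" line (DER)
        off += cert_len
    return certs


def der_to_pem(der):
    """Wrap DER bytes in PEM armor, 64 base64 characters per line."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def build_sample():
    """Constructed input: two placeholder blobs standing in for DER certificates."""
    blobs = [b"\x30\x03\x02\x01\x01", b"\x30\x03\x02\x01\x02"]
    entries = b"".join(len(b).to_bytes(3, "big") + b for b in blobs)
    body = len(entries).to_bytes(3, "big") + entries
    return bytes([HANDSHAKE_CERTIFICATE]) + len(body).to_bytes(3, "big") + body, blobs


if __name__ == "__main__":
    for i, der in enumerate(split_certificate_message(build_sample()[0])):
        print(f"certificate {i}: {len(der)} bytes\n{der_to_pem(der)}", end="")
```

The length checks reject a message that was captured only partially, which is the failure mode when the handshake spans several TCP segments and has not been reassembled.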